Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Oct. 28, 2024, 12:55 p.m.
Description
A new threat cluster, UNC5820, has been observed exploiting a zero-day vulnerability in FortiManager appliances across multiple industries. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary code or commands on vulnerable devices. The attackers staged and exfiltrated configuration data from the FortiGate devices managed by the compromised FortiManager, which could enable further compromise of those devices. Exploitation attempts were first observed on June 27, 2024, with a second attempt on September 23, 2024. The threat actor added an unauthorized device to the FortiManager console and exfiltrated compressed archives containing sensitive configuration files. While no evidence of lateral movement has been found, organizations with exposed FortiManager devices are urged to conduct immediate forensic investigations.
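The two observable steps the description gives an investigator, an unknown device being registered with the FortiManager and a compressed archive of configuration files being staged, are the natural starting points for a log triage. The script below is an added example, not code from the original page or from Mandiant or Fortinet. It assumes event logs exported as space-separated key=value records with quoted values, a format constructed here for illustration; the sample lines, device names, message texts and the archive path are all constructed placeholders, not verified FortiManager log text or indicators from the report. The correlation logic (remember every device that appears with an unauthorized state, then flag any later event that mentions it) is the part worth reusing against real exports once the field names are adjusted.

```python
"""Triage constructed FortiManager-style event logs for the two steps the
description names: unauthorized device registration and staging of a
compressed configuration archive.

Added example; not from the original page, Mandiant or Fortinet.
Assumptions (not from the page): key=value record format, message wording,
device names and archive path are all constructed for illustration.
"""
import re
from dataclasses import dataclass

# key=value pairs, value either "quoted" or a bare non-space token
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# device name following the word "Device" in a message (assumed wording)
DEVICE_RE = re.compile(r"Device (\S+)")
# absolute path ending in a common archive extension
ARCHIVE_RE = re.compile(r"(/\S+\.(?:tgz|tar\.gz|tar|zip|gz))")

# Constructed sample log lines (not real captures); placeholders only.
SAMPLE_LOGS = """\
date=2024-06-27 time=14:02:11 type=event subtype=dvm pri=notice user="System" msg="Device FMG-EXAMPLE0001 located, state=unauthorized"
date=2024-06-27 time=14:02:12 type=event subtype=dvm pri=notice user="System" msg="Device FMG-EXAMPLE0001 device type updated"
date=2024-06-27 time=14:05:40 type=event subtype=system pri=information user="admin" msg="Created archive /tmp/example-staged.tgz"
date=2024-06-27 time=14:06:01 type=event subtype=dvm pri=information user="System" msg="Device FGT-BRANCH01 config retrieved"
"""


@dataclass(frozen=True)
class Finding:
    rule: str      # which triage rule fired
    detail: str    # device name or archive path
    line_no: int   # 1-based line in the exported log


def parse_record(line: str) -> dict[str, str]:
    """Split one log line into a field dict; quoted values may contain spaces
    and '=' signs (the regex consumes a quoted value as a single token)."""
    return {k: (quoted or bare) for k, quoted, bare in KV_RE.findall(line)}


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order.

    Rule 1: a device-manager (dvm) event whose message carries an
            unauthorized state -> unauthorized-device-registration.
    Rule 2: any later event naming a device flagged by rule 1
            -> unauthorized-device-activity.
    Rule 3: an archive created under /tmp -> config-archive-staging.
    """
    findings: list[Finding] = []
    unauthorized: set[str] = set()
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_record(line)
        msg = rec.get("msg", "")
        if rec.get("subtype") == "dvm" and "state=unauthorized" in msg:
            m = DEVICE_RE.search(msg)
            name = m.group(1) if m else "<unknown>"
            unauthorized.add(name)
            findings.append(Finding("unauthorized-device-registration", name, n))
            continue
        hit = next((d for d in unauthorized if d in msg), None)
        if hit:
            findings.append(Finding("unauthorized-device-activity", hit, n))
        m = ARCHIVE_RE.search(msg)
        if m and m.group(1).startswith("/tmp/"):
            findings.append(Finding("config-archive-staging", m.group(1), n))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f"line {f.line_no}: {f.rule} ({f.detail})")
```

Run against the constructed sample, the script reports the registration on line 1, the follow-up change to the same device on line 2, and the archive on line 3, while the routine config retrieval on line 4 is left alone. Against a real export the field names and message patterns must be adapted; the archive check is deliberately narrow (only /tmp) so that normal backup jobs writing elsewhere do not drown the result.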
Date
Published: Oct. 24, 2024, 11:31 a.m.
Created: Oct. 24, 2024, 11:31 a.m.
Modified: Oct. 28, 2024, 12:55 p.m.
Attack Patterns
UNC5820 (threat cluster)
T1030 Data Transfer Size Limits
T1213 Data from Information Repositories
T1005 Data from Local System
T1016 System Network Configuration Discovery
T1082 System Information Discovery
T1083 File and Directory Discovery
T1020 Automated Exfiltration
T1190 Exploit Public-Facing Application
T1133 External Remote Services
T1059 Command and Scripting Interpreter
CVE-2024-47575 (FortiManager vulnerability)